/* For storing the gadget and import map */
// Both start out empty and are only populated once generateGadgetMap() /
// generateBasicImportMap() run (they replace the arrays with version-keyed
// objects, so the array initialisers here are effectively placeholders).
Object.assign(window, {
    gadgetMap: [],
    basicImportMap: [],
});
/* All function stubs / imports from other modules */
var generateBasicImportMap = function()
{
    // Populates window.basicImportMap as
    //   { firmwareVersion: { symbolName: getGadget('libSceWebKit1', offset) } }.
    // Only firmware '5.01' is listed; every entry is resolved through the
    // same module name, so the lookup is factored into one local helper.
    var resolveInWebKit = function(offset)
    {
        return getGadget('libSceWebKit1', offset);
    };

    var version501 = {};
    // NOTE(review): the original comment says setjmp is "imported from
    // libkernel", but the lookup is performed in libSceWebKit1 — confirm.
    version501['setjmp'] = resolveInWebKit(0x866);
    version501['__stack_chk_fail'] = resolveInWebKit(0x9728DF8);

    window.basicImportMap =
    {
        '5.01': version501
    };
}
/* All gadgets from the binary of available modules */
var generateGadgetMap = function()
{
    // Populates window.gadgetMap as
    //   { firmwareVersion: { label: getGadget('libSceWebKit1', offset) } }.
    // The label/offset pairs are kept in a flat table so that insertion
    // order (and therefore the order of getGadget() calls) matches the
    // original object literal exactly. Only firmware '5.01' is covered;
    // getGadget() is defined in another file.
    var webKitTable = [
        ['pop rsi', 0xA459E],
        ['pop rdi', 0x10F1C1],
        ['pop rax', 0x1D70B],
        ['pop rcx', 0x1FCA9B],
        ['pop rdx', 0xD6660],
        ['pop r8', 0x4A3B0D],
        ['pop r9', 0xEB5F8F],
        ['pop rsp', 0x20AEB0],
        ['push rax', 0x126EFC],
        ['add rax, rcx', 0x86F06],
        ['mov rax, rdi', 0x9863],
        ['mov qword ptr [rdi], rax', 0x31ADD7],
        ['mov qword ptr [rdi], rsi', 0x43CF30],
        ['mov rax, qword ptr [rax]', 0xFD58D],
        ['jmp addr', 0x64F754],
        ['infloop', 0x45A61],
        ['jmp rax', 0x1CA2B9],
        ['push rax; jmp rcx', 0x469B80],
        ['ret', 0xB2],
        ['syscall', 0x1C69364],
    ];

    var version501 = {};
    webKitTable.forEach(function(entry)
    {
        version501[entry[0]] = getGadget('libSceWebKit1', entry[1]);
    });

    window.gadgetMap =
    {
        '5.01': version501
    };
}